Rebecca Ward Consulting - Business Effectiveness and Planning

Recent Posts

2018 STOP Domestic Violence Conference Australia
Two slimming supplement brands sold online found to contain banned substances
The Dangerous Game of Telephone in Hospitals
What Causes Domestic Violence?
Broken to Brilliant - Audio Book Launch


Aged Care
Big Pharma
Cost Effectiveness
Domestic Violence
electronic health records
Emergency Department
Gun Control
Infectious Disease
Legal Humour
Medical Humour
Mental Health
Patient Safety
Presentation Skills
Public Speaking
Theatre Caps


July 2018
May 2018
April 2018
March 2018
February 2018
July 2016
June 2016
May 2016
April 2016
March 2016
February 2016
December 2015
November 2015
September 2015
August 2015
July 2015
June 2015
May 2015
February 2015
December 2014
November 2014
October 2014
September 2014
August 2014
July 2014
June 2014
May 2014
April 2014
March 2014
February 2014
January 2014
December 2013
November 2013
October 2013
September 2013
August 2013
July 2013
June 2013
May 2013
April 2013
March 2013
February 2013

powered by

My Blog

Physicians can expect criminals to target their EHR (electronic health records)

Caution in Australia with electronic health records! Lessons from the US with EHR.

Stolen EHR Charts Sell for US$50 Each on Black Market
Robert Lowes Ref:

Physicians can expect criminals to increasingly target their electronic health records (EHRs) for patient information that they can sell on the black market for $50 per chart, warns the FBI. The agency's Cyber Division issued a memo earlier this month forecasting what already has become apparent with every hacked hospital Web site and stolen physician laptop — criminals see a golden opportunity in healthcare information technology. It's an opportunity born of the mandatory shift to EHRs, laxer safeguards in healthcare compared with those in the retail and financial sectors, and "a higher financial pay-out for medical records in the black market," according to the FBI.

The proliferation of EHR systems coupled with more and more medical devices connected to the Internet, the FBI said, "is generating a rich new environment for cyber criminals to exploit."
The federal program to encourage "meaningful use" of EHRs with bonuses and penalties has contributed to this state of vulnerability, said Steven Waldren, MD, an information technology expert and senior strategist with the American Academy of Family Physicians (AAFP).

The meaningful-use program, Dr. Waldren told Medscape Medical News, has pushed some medical practices to implement EHRs even though they weren't exactly ready to. "You have more naïve organizations from a technical standpoint adopting these things," said Dr. Waldren. And that naïveté extends to protecting patient information.

The organizations most vulnerable to hackers and identity thieves, added Dr. Waldren, are small physician practices and small community hospitals with scarcely any money to make the investments in data security that large hospital systems do.

Doable Defenses
Physicians aren't helpless in the face of data thieves. The AAFP's Dr. Waldren recommends protective measures that are doable even in a solo practice:
•Keep your software up-to-date and install all security "patches" offered by the vendor. "They plug holes that hackers can exploit to get into a system," said Dr. Waldren.
•Install only those applications on office computers that are needed to operate the practice. Letting an employee install an "instant messenger" program on his or her computer is asking for hacker trouble.
•Likewise, restrict the kinds of Web sites that employees can visit on company computers. Some sleazy sites are engineered to let hackers enter the practice's system.
•Talk to your EHR and billing software vendors about encrypting data on laptops, smartphones, and other mobile devices.
•Don't forget to establish rules for physically securing mobile devices as well. A laptop sitting on the backseat of a car invites a break-in. Why not put it in the trunk?
•Also ask your software vendors about the best practices that they recommend for customers. What's their advice on operating a wireless network in the office, for example?
•If you have an EHR that runs on a client-server network in your office, consider switching to an online, cloud-based system. "Having the server in the office pushes security requirements to the end user," said Dr. Waldren. Because the remote server of a cloud-based EHR system stores patient data from multiple medical practices, it may appear to be a more tempting target for hackers, but a large vendor has more resources to protect those assets than a single medical practice tending an office server, he said.

0 Comments to Physicians can expect criminals to target their EHR (electronic health records) :

Comments RSS

Add a Comment

Your Name:
Email Address: (Required)
Make your text bigger, bold, italic and more with HTML tags. We'll show you how.
Post Comment
Website Builder provided by  Vistaprint